Spectre and Meltdown Used in the Wild

by Brent Kirkpatrick

(Date Published: 3/1/2018.)

After they were announced, the Spectre and Meltdown hacks were used by hackers.

Disclosure of the Spectre and Meltdown hacks took place in January, 2018. These were classified as critical vulnerabilities (in the CVE classification system). Software engineers worked quickly to create patches, many of which had been released by mid-February. Although patches are available many systems remain unpatched. This leaves many systems vulnerable to exploit.

After the disclosure of Spectre and Meltdown, Intrepid Net Computing has observed exploits in the wild that are very similar to Spectre and Meltdown. What would have happened if they had not been announced publicly?

The public disclosure of these critical vulnerabilities spurred rapid innovation of patches. If they had not been made public, likely patching would have proceeded in a less frenzied fashion. The patches would have been produced more slowly, but hackers would not have been able to reproduce the exploits and use them.